This project has retired. For details please refer to its
Attic page.
DefaultLoginService xref
1 package org.apache.archiva.redback.rest.services;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import org.apache.archiva.redback.authentication.AuthenticationConstants;
23 import org.apache.archiva.redback.authentication.AuthenticationException;
24 import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
25 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
26 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
27 import org.apache.archiva.redback.keys.AuthenticationKey;
28 import org.apache.archiva.redback.keys.KeyManager;
29 import org.apache.archiva.redback.keys.jdo.JdoAuthenticationKey;
30 import org.apache.archiva.redback.keys.memory.MemoryAuthenticationKey;
31 import org.apache.archiva.redback.keys.memory.MemoryKeyManager;
32 import org.apache.archiva.redback.policy.AccountLockedException;
33 import org.apache.archiva.redback.policy.MustChangePasswordException;
34 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
35 import org.apache.archiva.redback.rest.api.model.LoginRequest;
36 import org.apache.archiva.redback.rest.api.model.User;
37 import org.apache.archiva.redback.rest.api.services.LoginService;
38 import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
39 import org.apache.archiva.redback.system.SecuritySession;
40 import org.apache.archiva.redback.system.SecuritySystem;
41 import org.apache.archiva.redback.users.UserManagerException;
42 import org.apache.archiva.redback.users.UserNotFoundException;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
45 import org.springframework.stereotype.Service;
46
47 import javax.inject.Inject;
48 import javax.inject.Named;
49 import javax.servlet.http.HttpServletRequest;
50 import javax.servlet.http.HttpSession;
51 import javax.ws.rs.core.Context;
52 import javax.ws.rs.core.Response;
53 import java.util.ArrayList;
54 import java.util.Arrays;
55 import java.util.Calendar;
56 import java.util.List;
57 import java.util.Map;
58 import java.util.TimeZone;
59
60
61
62
63
64 @Service( "loginService#rest" )
65 public class DefaultLoginService
66 implements LoginService
67 {
68
69 private Logger log = LoggerFactory.getLogger( getClass() );
70
71 private SecuritySystem securitySystem;
72
73 private HttpAuthenticator httpAuthenticator;
74
75 @Context
76 private HttpServletRequest httpServletRequest;
77
78 @Inject
79 public DefaultLoginService( SecuritySystem securitySystem,
80 @Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
81 {
82 this.securitySystem = securitySystem;
83 this.httpAuthenticator = httpAuthenticator;
84 }
85
86
87 public String addAuthenticationKey( String providedKey, String principal, String purpose, int expirationMinutes )
88 throws RedbackServiceException
89 {
90 KeyManager keyManager = securitySystem.getKeyManager();
91 AuthenticationKey key;
92
93 if ( keyManager instanceof MemoryKeyManager )
94 {
95 key = new MemoryAuthenticationKey();
96 }
97 else
98 {
99 key = new JdoAuthenticationKey();
100 }
101
102 key.setKey( providedKey );
103 key.setForPrincipal( principal );
104 key.setPurpose( purpose );
105
106 Calendar now = getNowGMT();
107 key.setDateCreated( now.getTime() );
108
109 if ( expirationMinutes >= 0 )
110 {
111 Calendar expiration = getNowGMT();
112 expiration.add( Calendar.MINUTE, expirationMinutes );
113 key.setDateExpires( expiration.getTime() );
114 }
115
116 keyManager.addKey( key );
117
118 return key.getKey();
119 }
120
121 public Boolean ping()
122 throws RedbackServiceException
123 {
124 return Boolean.TRUE;
125 }
126
127 public Boolean pingWithAutz()
128 throws RedbackServiceException
129 {
130 return Boolean.TRUE;
131 }
132
133 public User logIn( LoginRequest loginRequest )
134 throws RedbackServiceException
135 {
136 String userName = loginRequest.getUsername(), password = loginRequest.getPassword();
137 PasswordBasedAuthenticationDataSource authDataSource =
138 new PasswordBasedAuthenticationDataSource( userName, password );
139 try
140 {
141 SecuritySession securitySession = securitySystem.authenticate( authDataSource );
142 if ( securitySession.getAuthenticationResult().isAuthenticated() )
143 {
144 org.apache.archiva.redback.users.User user = securitySession.getUser();
145 if ( !user.isValidated() )
146 {
147 log.info( "user {} not validated", user.getUsername() );
148 return null;
149 }
150 User restUser = buildRestUser( user );
151 restUser.setReadOnly( securitySystem.userManagerReadOnly() );
152
153 httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) );
154 return restUser;
155 }
156 if ( securitySession.getAuthenticationResult() != null
157 && securitySession.getAuthenticationResult().getAuthenticationFailureCauses() != null )
158 {
159 List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>();
160 for ( AuthenticationFailureCause authenticationFailureCause : securitySession.getAuthenticationResult().getAuthenticationFailureCauses() )
161 {
162 if ( authenticationFailureCause.getCause() == AuthenticationConstants.AUTHN_NO_SUCH_USER )
163 {
164 errorMessages.add( new ErrorMessage( "incorrect.username.password" ) );
165 }
166 else
167 {
168 errorMessages.add( new ErrorMessage().message( authenticationFailureCause.getMessage() ) );
169 }
170 }
171
172 throw new RedbackServiceException( errorMessages );
173 }
174 return null;
175 }
176 catch ( AuthenticationException e )
177 {
178 throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
179 }
180 catch ( UserNotFoundException e )
181 {
182 throw new RedbackServiceException( e.getMessage() );
183 }
184 catch ( AccountLockedException e )
185 {
186 throw new RedbackServiceException( e.getMessage() );
187 }
188 catch ( MustChangePasswordException e )
189 {
190 return buildRestUser( e.getUser() );
191 }
192 catch ( UserManagerException e )
193 {
194 log.info( "UserManagerException: {}", e.getMessage() );
195 List<ErrorMessage> errorMessages =
196 Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
197 throw new RedbackServiceException( errorMessages );
198 }
199
200 }
201
202 public User isLogged()
203 throws RedbackServiceException
204 {
205 SecuritySession securitySession = httpAuthenticator.getSecuritySession( httpServletRequest.getSession( true ) );
206 Boolean isLogged = securitySession != null;
207 log.debug( "isLogged {}", isLogged );
208 return isLogged && securitySession.getUser() != null ? buildRestUser( securitySession.getUser() ) : null;
209 }
210
211 public Boolean logout()
212 throws RedbackServiceException
213 {
214 HttpSession httpSession = httpServletRequest.getSession();
215 if ( httpSession != null )
216 {
217 httpSession.invalidate();
218 }
219 return Boolean.TRUE;
220 }
221
222 private Calendar getNowGMT()
223 {
224 return Calendar.getInstance( TimeZone.getTimeZone( "GMT" ) );
225 }
226
227 private User buildRestUser( org.apache.archiva.redback.users.User user )
228 {
229 User restUser = new User();
230 restUser.setEmail( user.getEmail() );
231 restUser.setUsername( user.getUsername() );
232 restUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
233 restUser.setLocked( user.isLocked() );
234 restUser.setValidated( user.isValidated() );
235 restUser.setFullName( user.getFullName() );
236 return restUser;
237 }
238 }